add clean up logic

Author: shraddhabang

controllers/gateway/config_resolver.go

@@ -7,12 +7,14 @@ import (
 	elbv2gw "sigs.k8s.io/aws-load-balancer-controller/apis/gateway/v1beta1"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/gateway"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/gateway/gatewayutils"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/k8s"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/shared_constants"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	gwv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
 type gatewayConfigResolver interface {
-	getLoadBalancerConfigForGateway(ctx context.Context, k8sClient client.Client, gw *gwv1.Gateway, gwClass *gwv1.GatewayClass) (elbv2gw.LoadBalancerConfiguration, error)
+	getLoadBalancerConfigForGateway(ctx context.Context, k8sClient client.Client, finalizerManager k8s.FinalizerManager, gw *gwv1.Gateway, gwClass *gwv1.GatewayClass) (elbv2gw.LoadBalancerConfiguration, error)
 }
 
 type gatewayConfigResolverImpl struct {
@@ -27,7 +29,7 @@ func newGatewayConfigResolver() gatewayConfigResolver {
 	}
 }
 
-func (resolver *gatewayConfigResolverImpl) getLoadBalancerConfigForGateway(ctx context.Context, k8sClient client.Client, gw *gwv1.Gateway, gwClass *gwv1.GatewayClass) (elbv2gw.LoadBalancerConfiguration, error) {
+func (resolver *gatewayConfigResolverImpl) getLoadBalancerConfigForGateway(ctx context.Context, k8sClient client.Client, finalizerManager k8s.FinalizerManager, gw *gwv1.Gateway, gwClass *gwv1.GatewayClass) (elbv2gw.LoadBalancerConfiguration, error) {
 
 	// If the Gateway Class isn't accepted, we shouldn't try to reconcile this Gateway.
 	derivedStatusIndx, ok := deriveAcceptedConditionIndex(gwClass)
@@ -43,6 +45,12 @@ func (resolver *gatewayConfigResolverImpl) getLoadBalancerConfigForGateway(ctx c
 	}
 
 	if gatewayClassLBConfig != nil {
+		// Add finalizers on lb config only when they are referred by gateway indirectly through the gateway class. We call the lb config is in use in such cases.
+		if !k8s.HasFinalizer(gatewayClassLBConfig, shared_constants.LoadBalancerConfigurationFinalizer) {
+			if err := finalizerManager.AddFinalizers(ctx, gatewayClassLBConfig, shared_constants.LoadBalancerConfigurationFinalizer); err != nil {
+				return elbv2gw.LoadBalancerConfiguration{}, errors.Errorf("failed to add finalizers on load balancer configuration %s", k8s.NamespacedName(gatewayClassLBConfig))
+			}
+		}
 		storedVersion := getStoredProcessedConfig(gwClass)
 		if storedVersion == nil || *storedVersion != gatewayClassLBConfig.ResourceVersion {
 			var safeVersion string
@@ -61,6 +69,15 @@ func (resolver *gatewayConfigResolverImpl) getLoadBalancerConfigForGateway(ctx c
 		return elbv2gw.LoadBalancerConfiguration{}, err
 	}
 
+	if gatewayLBConfig != nil {
+		// Add finalizers on lb config only when they are referred by gateway directly. We call the lb config is in use in such cases.
+		if !k8s.HasFinalizer(gatewayLBConfig, shared_constants.LoadBalancerConfigurationFinalizer) {
+			if err := finalizerManager.AddFinalizers(ctx, gatewayLBConfig, shared_constants.LoadBalancerConfigurationFinalizer); err != nil {
+				return elbv2gw.LoadBalancerConfiguration{}, errors.Errorf("failed to add finalizers on load balancer configuration %s", k8s.NamespacedName(gatewayLBConfig))
+			}
+		}
+	}
+
 	if gatewayClassLBConfig == nil && gatewayLBConfig == nil {
 		return elbv2gw.LoadBalancerConfiguration{}, nil
 	}

controllers/gateway/config_resolver_test.go

@@ -2,10 +2,14 @@ package gateway
 
 import (
 	"context"
+	"github.com/golang/mock/gomock"
 	"github.com/pkg/errors"
 	"github.com/stretchr/testify/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	elbv2gw "sigs.k8s.io/aws-load-balancer-controller/apis/gateway/v1beta1"
+	mock_client "sigs.k8s.io/aws-load-balancer-controller/mocks/controller-runtime/client"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/k8s"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/shared_constants"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	gwv1 "sigs.k8s.io/gateway-api/apis/v1"
 	"testing"
@@ -15,6 +19,11 @@ func Test_getLoadBalancerConfigForGateway(t *testing.T) {
 	mergedConfigName := "mergedConfig"
 	gwClassName := "gwclass"
 	gwName := "gw"
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+
+	k8sClient := mock_client.NewMockClient(ctrl)
+	k8sFinalizerManager := k8s.NewMockFinalizerManager(ctrl)
 
 	testCases := []struct {
 		name             string
@@ -27,12 +36,15 @@ func Test_getLoadBalancerConfigForGateway(t *testing.T) {
 		resolvedGatewayClassConfig *elbv2gw.LoadBalancerConfiguration
 		resolvedGatewayConfig      *elbv2gw.LoadBalancerConfiguration
 
+		setupMocks func()
+
 		expectErr bool
 		expected  elbv2gw.LoadBalancerConfiguration
 	}{
 		{
 			name:              "gw class isnt accepted",
 			inputGatewayClass: &gwv1.GatewayClass{},
+			setupMocks:        func() {},
 			expectErr:         true,
 		},
 		{
@@ -47,7 +59,8 @@ func Test_getLoadBalancerConfigForGateway(t *testing.T) {
 					},
 				},
 			},
-			expectErr: true,
+			setupMocks: func() {},
+			expectErr:  true,
 		},
 		{
 			name: "gw class isnt accepted -- condition is explicitly false",
@@ -61,7 +74,8 @@ func Test_getLoadBalancerConfigForGateway(t *testing.T) {
 					},
 				},
 			},
-			expectErr: true,
+			setupMocks: func() {},
+			expectErr:  true,
 		},
 		{
 			name: "gw class accepted -- fail to get gw class config",
@@ -107,6 +121,11 @@ func Test_getLoadBalancerConfigForGateway(t *testing.T) {
 					ObjectMeta: metav1.ObjectMeta{ResourceVersion: "1"},
 				}, nil
 			},
+			setupMocks: func() {
+				k8sFinalizerManager.EXPECT().
+					AddFinalizers(context.Background(), gomock.Any(), shared_constants.LoadBalancerConfigurationFinalizer).
+					Return(nil)
+			},
 			expectErr: true,
 		},
 		{
@@ -156,6 +175,11 @@ func Test_getLoadBalancerConfigForGateway(t *testing.T) {
 					ObjectMeta: metav1.ObjectMeta{ResourceVersion: "1"},
 				}, nil
 			},
+			setupMocks: func() {
+				k8sFinalizerManager.EXPECT().
+					AddFinalizers(context.Background(), gomock.Any(), shared_constants.LoadBalancerConfigurationFinalizer).
+					Return(nil)
+			},
 			expectErr: true,
 		},
 		{
@@ -188,7 +212,8 @@ func Test_getLoadBalancerConfigForGateway(t *testing.T) {
 				}
 				return nil, errors.New("bad thing")
 			},
-			expected: elbv2gw.LoadBalancerConfiguration{},
+			setupMocks: func() {},
+			expected:   elbv2gw.LoadBalancerConfiguration{},
 		},
 		{
 			name: "gw class accepted -- only gw class configs",
@@ -234,6 +259,11 @@ func Test_getLoadBalancerConfigForGateway(t *testing.T) {
 			expected: elbv2gw.LoadBalancerConfiguration{
 				ObjectMeta: metav1.ObjectMeta{Name: "gwclass", ResourceVersion: "1"},
 			},
+			setupMocks: func() {
+				k8sFinalizerManager.EXPECT().
+					AddFinalizers(context.Background(), gomock.Any(), shared_constants.LoadBalancerConfigurationFinalizer).
+					Return(nil)
+			},
 		},
 		{
 			name: "gw class accepted -- only gw config",
@@ -278,6 +308,11 @@ func Test_getLoadBalancerConfigForGateway(t *testing.T) {
 			expected: elbv2gw.LoadBalancerConfiguration{
 				ObjectMeta: metav1.ObjectMeta{Name: "gw", ResourceVersion: "1"},
 			},
+			setupMocks: func() {
+				k8sFinalizerManager.EXPECT().
+					AddFinalizers(context.Background(), gomock.Any(), shared_constants.LoadBalancerConfigurationFinalizer).
+					Return(nil)
+			},
 		},
 		{
 			name: "gw class accepted -- both gw and gwclass have config - perform merge",
@@ -327,6 +362,11 @@ func Test_getLoadBalancerConfigForGateway(t *testing.T) {
 			expected: elbv2gw.LoadBalancerConfiguration{
 				ObjectMeta: metav1.ObjectMeta{Name: mergedConfigName},
 			},
+			setupMocks: func() {
+				k8sFinalizerManager.EXPECT().
+					AddFinalizers(context.Background(), gomock.Any(), shared_constants.LoadBalancerConfigurationFinalizer).
+					Return(nil).Times(2)
+			},
 		},
 		{
 			name: "gw class accepted -- but processed config version has a mismatch",
@@ -369,6 +409,11 @@ func Test_getLoadBalancerConfigForGateway(t *testing.T) {
 					ObjectMeta: metav1.ObjectMeta{Name: "gwclass", ResourceVersion: "1"},
 				}, nil
 			},
+			setupMocks: func() {
+				k8sFinalizerManager.EXPECT().
+					AddFinalizers(context.Background(), gomock.Any(), shared_constants.LoadBalancerConfigurationFinalizer).
+					Return(nil)
+			},
 			expectErr: true,
 		},
 	}
@@ -384,8 +429,8 @@ func Test_getLoadBalancerConfigForGateway(t *testing.T) {
 				},
 				configResolverFn: tc.configResolverFn,
 			}
-
-			result, err := r.getLoadBalancerConfigForGateway(context.Background(), nil, tc.inputGateway, tc.inputGatewayClass)
+			tc.setupMocks()
+			result, err := r.getLoadBalancerConfigForGateway(context.Background(), k8sClient, k8sFinalizerManager, tc.inputGateway, tc.inputGatewayClass)
 			if tc.expectErr {
 				assert.Error(t, err)
 				return

controllers/gateway/eventhandlers/gatewayclass/load_balancer_configuration_events.go

@@ -43,13 +43,15 @@ type enqueueRequestsForLoadBalancerConfigurationEvent struct {
 }
 
 func (h *enqueueRequestsForLoadBalancerConfigurationEvent) Create(ctx context.Context, e event.TypedCreateEvent[*elbv2gw.LoadBalancerConfiguration], queue workqueue.TypedRateLimitingInterface[reconcile.Request]) {
-	// We don't need to respond to create events.
+	lbconfig := e.Object
+	h.logger.V(1).Info("enqueue loadbalancerconfiguration create event", "loadbalancerconfiguration", k8s.NamespacedName(lbconfig))
+	h.enqueueImpactedGatewayClass(ctx, lbconfig, queue)
 }
 
 func (h *enqueueRequestsForLoadBalancerConfigurationEvent) Update(ctx context.Context, e event.TypedUpdateEvent[*elbv2gw.LoadBalancerConfiguration], queue workqueue.TypedRateLimitingInterface[reconcile.Request]) {
 	lbconfigNew := e.ObjectNew
 	h.logger.V(1).Info("enqueue loadbalancerconfiguration update event", "loadbalancerconfiguration", k8s.NamespacedName(lbconfigNew))
-	// to clean up any residual unsed lb configs with finalizers on them
+	// to remove finalizers on this residual unused lb config so that the deletion can be done on these
 	if !lbconfigNew.DeletionTimestamp.IsZero() && k8s.HasFinalizer(lbconfigNew, shared_constants.LoadBalancerConfigurationFinalizer) && !gatewayutils.IsLBConfigInUse(ctx, lbconfigNew, nil, nil, h.k8sClient, h.gwControllers) {
 		if err := h.finalizerManager.RemoveFinalizers(ctx, lbconfigNew, shared_constants.LoadBalancerConfigurationFinalizer); err != nil {
 			h.logger.V(1).Info("failed to remove finalizers on load balancer configuration as its currently in use", "load balancer configuration", lbconfigNew.Name)

controllers/gateway/gateway_controller.go

@@ -165,7 +165,13 @@ type gatewayReconciler struct {
 func (r *gatewayReconciler) Reconcile(ctx context.Context, req reconcile.Request) (ctrl.Result, error) {
 	r.reconcileTracker(req.NamespacedName)
 	err := r.reconcileHelper(ctx, req)
-	return runtime.HandleReconcileError(err, r.logger)
+	res, reconcileErr := runtime.HandleReconcileError(err, r.logger)
+	if reconcileErr != nil {
+		return res, reconcileErr
+	}
+	//if reconcile was successful, then clean up residual finalizers on unused resources
+	r.cleanUpResidualFinalizers()
+	return res, nil
 }
 
 func (r *gatewayReconciler) reconcileHelper(ctx context.Context, req reconcile.Request) error {
@@ -194,7 +200,7 @@ func (r *gatewayReconciler) reconcileHelper(ctx context.Context, req reconcile.R
 		return nil
 	}
 
-	mergedLbConfig, err := r.cfgResolver.getLoadBalancerConfigForGateway(ctx, r.k8sClient, gw, gwClass)
+	mergedLbConfig, err := r.cfgResolver.getLoadBalancerConfigForGateway(ctx, r.k8sClient, r.finalizerManager, gw, gwClass)
 
 	if err != nil {
 		statusErr := r.updateGatewayStatusFailure(ctx, gw, gwv1.GatewayReasonInvalid, err.Error())
@@ -273,12 +279,6 @@ func (r *gatewayReconciler) reconcileUpdate(ctx context.Context, gw *gwv1.Gatewa
 		return err
 	}
 
-	// add load balancer configuration finalizer
-	if err := gatewayutils.AddLoadBalancerConfigurationFinalizers(ctx, gw, gwClass, r.k8sClient, r.finalizerManager, r.controllerName); err != nil {
-		r.eventRecorder.Event(gw, corev1.EventTypeWarning, k8s.LoadBalancerConfigurationEventReasonFailedAddFinalizer, fmt.Sprintf("Failed add load balancer configuration finalizer due to %v", err))
-		return err
-	}
-
 	err := r.deployModel(ctx, gw, stack)
 	if err != nil {
 		return err
@@ -545,3 +545,23 @@ func isGatewayProgrammed(lbStatus elbv2model.LoadBalancerStatus) bool {
 	return lbStatus.ProvisioningState.Code == elbv2types.LoadBalancerStateEnumActive || lbStatus.ProvisioningState.Code == elbv2types.LoadBalancerStateEnumActiveImpaired
 
 }
+
+// We remove the finalizers on any lb config which is not being used anymore by any gateways so that these lb configs can be deleted safely
+// This is a low priority task and hence we dont want to block reconciler by throwing any errors if the removal of finalizers fails for some reason. It may be retried later.
+func (r *gatewayReconciler) cleanUpResidualFinalizers() {
+	lbConfigList := &elbv2gw.LoadBalancerConfigurationList{}
+	// TODO: Implement cache
+	if err := r.k8sClient.List(context.Background(), lbConfigList); err != nil {
+		r.logger.Error(err, "failed to fetch load balancer configurations for clean up residual finalizersß")
+		return
+	}
+	for i, _ := range lbConfigList.Items {
+		lbConfig := &lbConfigList.Items[i]
+		if k8s.HasFinalizer(lbConfig, shared_constants.LoadBalancerConfigurationFinalizer) && !gatewayutils.IsLBConfigInUse(context.Background(), lbConfig, nil, nil, r.k8sClient, sets.New(r.controllerName)) {
+			if err := r.finalizerManager.RemoveFinalizers(context.Background(), lbConfig, shared_constants.LoadBalancerConfigurationFinalizer); err != nil {
+				r.logger.V(1).Info("failed to remove finalizers on load balancer configuration", "load balancer configuration", k8s.NamespacedName(lbConfig))
+			}
+			return
+		}
+	}
+}

pkg/gateway/gatewayutils/lb_config_utils.go

@@ -6,45 +6,12 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/sets"
 	elbv2gw "sigs.k8s.io/aws-load-balancer-controller/apis/gateway/v1beta1"
-	"sigs.k8s.io/aws-load-balancer-controller/pkg/gateway/constants"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/k8s"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/shared_constants"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	gwv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
-// AddLoadBalancerConfigurationFinalizers add finalizer to load balancer configuration when it is in use by gateway or gatewayClass
-func AddLoadBalancerConfigurationFinalizers(ctx context.Context, gw *gwv1.Gateway, gwClass *gwv1.GatewayClass, k8sClient client.Client, manager k8s.FinalizerManager, controllerName string) error {
-	// add finalizer to lbConfig referred by gatewayClass
-	if gwClass.Spec.ParametersRef != nil && string(gwClass.Spec.ParametersRef.Kind) == constants.LoadBalancerConfiguration {
-		lbConfig := &elbv2gw.LoadBalancerConfiguration{}
-		if err := k8sClient.Get(ctx, types.NamespacedName{
-			Namespace: string(*gwClass.Spec.ParametersRef.Namespace),
-			Name:      gwClass.Spec.ParametersRef.Name,
-		}, lbConfig); err != nil {
-			return client.IgnoreNotFound(err)
-		}
-		if err := manager.AddFinalizers(ctx, lbConfig, shared_constants.LoadBalancerConfigurationFinalizer); err != nil {
-			return err
-		}
-	}
-
-	// add finalizer to lbConfig referred by gateway
-	if gw.Spec.Infrastructure != nil && gw.Spec.Infrastructure.ParametersRef != nil && string(gw.Spec.Infrastructure.ParametersRef.Kind) == constants.LoadBalancerConfiguration {
-		lbConfig := &elbv2gw.LoadBalancerConfiguration{}
-		if err := k8sClient.Get(ctx, types.NamespacedName{
-			Namespace: gw.Namespace,
-			Name:      gw.Spec.Infrastructure.ParametersRef.Name,
-		}, lbConfig); err != nil {
-			return client.IgnoreNotFound(err)
-		}
-		if err := manager.AddFinalizers(ctx, lbConfig, shared_constants.LoadBalancerConfigurationFinalizer); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
 func RemoveLoadBalancerConfigurationFinalizers(ctx context.Context, gw *gwv1.Gateway, gwClass *gwv1.GatewayClass, k8sClient client.Client, manager k8s.FinalizerManager, controllerNames sets.Set[string]) error {
 	// remove finalizer from lbConfig - gatewayClass
 	if gwClass != nil {
@@ -102,10 +69,10 @@ func ResolveLoadBalancerConfig(ctx context.Context, k8sClient client.Client, ref
 }
 
 func IsLBConfigInUse(ctx context.Context, lbConfig *elbv2gw.LoadBalancerConfiguration, gw *gwv1.Gateway, gwClass *gwv1.GatewayClass, k8sClient client.Client, controllerNames sets.Set[string]) bool {
-	return IsLBConfigInUseByGatewayClass(ctx, lbConfig, gwClass, k8sClient, controllerNames) ||
+	return IsLBConfigInUseByGatewayClass(ctx, lbConfig, gw, gwClass, k8sClient, controllerNames) ||
 		IsLBConfigInUseByGateway(ctx, lbConfig, gw, k8sClient, controllerNames)
 }
-func IsLBConfigInUseByGatewayClass(ctx context.Context, lbConfig *elbv2gw.LoadBalancerConfiguration, gwClass *gwv1.GatewayClass, k8sClient client.Client, controllerNames sets.Set[string]) bool {
+func IsLBConfigInUseByGatewayClass(ctx context.Context, lbConfig *elbv2gw.LoadBalancerConfiguration, currGw *gwv1.Gateway, gwClass *gwv1.GatewayClass, k8sClient client.Client, controllerNames sets.Set[string]) bool {
 	// fetch all the gateway classes referenced by lb config
 	gwClassesUsingLBConfig := GetImpactedGatewayClassesFromLbConfig(ctx, k8sClient, lbConfig, controllerNames)
 
@@ -129,8 +96,15 @@ func IsLBConfigInUseByGatewayClass(ctx context.Context, lbConfig *elbv2gw.LoadBa
 	// are found to be managing one or more active Gateway resources.
 	for _, controllerName := range controllerNames.UnsortedList() {
 		for _, gwClassUsingLBConfig := range gwClassesUsingLBConfig {
-			if len(GetGatewaysManagedByGatewayClass(ctx, k8sClient, gwClassUsingLBConfig, controllerName)) > 0 {
-				return true
+			gwList := GetGatewaysManagedByGatewayClass(ctx, k8sClient, gwClassUsingLBConfig, controllerName)
+			if currGw == nil {
+				return len(gwList) > 0
+			}
+			//skip the current gw from the list if it is not nil
+			for _, gw := range gwList {
+				if k8s.NamespacedName(currGw) != k8s.NamespacedName(gw) {
+					return true
+				}
 			}
 		}
 	}
@@ -149,7 +123,7 @@ func IsLBConfigInUseByGateway(ctx context.Context, lbConfig *elbv2gw.LoadBalance
 	}
 	// check if lbConfig is referred by any other gateway
 	for _, gwUsingLBConfig := range gwsUsingLBConfig {
-		if gwUsingLBConfig.Name != gw.Name || gwUsingLBConfig.Namespace != gw.Namespace {
+		if k8s.NamespacedName(gwUsingLBConfig) != k8s.NamespacedName(gw) {
 			return true
 		}
 	}